[PATCH] wireguard: Add option to disable Endpoint Host Dependency

Fabian Bläse fabian at blaese.de
Sa Mai 25 20:19:19 CEST 2019


Hallo Adrian,

vielen Dank, das macht meinen wireguard Patch dann viel angenehmer zum Reviewen.

Reviewed-by: Fabian Bläse <fabian at blaese.de>

Gruß
Fabian

On 24.05.19 13:00, Adrian Schmutzler wrote:
> When using IPv6 addresses (or DNS which has AAAA record) as endpoint,
> add_host_dependency fails for some reason which causes the wireguard
> interface to disappear.
> 
> This patch backports an option from OpenWrt master, where
> host_dependency can be disabled by adding 'option nohostroute 1'
> to the interface.
> 
> This is an alternate approach based on the work of Fabian Bläse.
> 
> Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
> ---
>  ...01-wireguard-introduce-nohostroute-option.patch | 47 ++++++++++++++++++++++
>  1 file changed, 47 insertions(+)
>  create mode 100644 build_patches/openwrt/0201-wireguard-introduce-nohostroute-option.patch
> 
> diff --git a/build_patches/openwrt/0201-wireguard-introduce-nohostroute-option.patch b/build_patches/openwrt/0201-wireguard-introduce-nohostroute-option.patch
> new file mode 100644
> index 00000000..09d43ddc
> --- /dev/null
> +++ b/build_patches/openwrt/0201-wireguard-introduce-nohostroute-option.patch
> @@ -0,0 +1,47 @@
> +From: Daniel Golle <daniel at makrotopia.org>
> +Date: Tue, 19 Mar 2019 16:47:17 +0100
> +Subject: wireguard: introduce 'nohostroute' option
> +
> +Use a new config option 'nohostroute' to explicitely prevent creation
> +of the route to the endpoint.
> +
> +Signed-off-by: Daniel Golle <daniel at makrotopia.org>
> +[squashed with commit 1e8bb50, shorten commit message]
> +Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.net>
> +
> +diff --git a/package/network/services/wireguard/files/wireguard.sh b/package/network/services/wireguard/files/wireguard.sh
> +index 96fa7215ff..fb781070d6 100644
> +--- a/package/network/services/wireguard/files/wireguard.sh
> ++++ b/package/network/services/wireguard/files/wireguard.sh
> +@@ -114,6 +114,7 @@ proto_wireguard_setup() {
> +   config_get mtu           "${config}" "mtu"
> +   config_get fwmark        "${config}" "fwmark"
> +   config_get ip6prefix     "${config}" "ip6prefix"
> ++  config_get nohostroute   "${config}" "nohostroute"
> + 
> +   # create interface
> +   ip link del dev "${config}" 2>/dev/null
> +@@ -176,12 +177,14 @@ proto_wireguard_setup() {
> +   done
> + 
> +   # endpoint dependency
> +-  wg show "${config}" endpoints | \
> +-    sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
> +-    while IFS=$'\t ' read -r key address port; do
> +-    [ -n "${port}" ] || continue
> +-    proto_add_host_dependency "${config}" "${address}"
> +-  done
> ++  if [ "${nohostroute}" != "1" ]; then
> ++    wg show "${config}" endpoints | \
> ++      sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
> ++      while IFS=$'\t ' read -r key address port; do
> ++      [ -n "${port}" ] || continue
> ++      proto_add_host_dependency "${config}" "${address}"
> ++    done
> ++  fi
> + 
> +   proto_send_update "${config}"
> + }
> +-- 
> +2.11.0
> +
> 

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : signature.asc
Dateityp    : application/pgp-signature
Dateigröße  : 833 bytes
Beschreibung: OpenPGP digital signature
URL         : <https://{'listname': 'franken-dev-freifunk.net', 'hostname': 'lists.freifunk.net'}/pipermail/franken-dev-freifunk.net/attachments/20190525/49f07102/attachment.sig>


Mehr Informationen über die Mailingliste franken-dev